ComboFix 09-03-13.02 - Jørgen 2009-03-14 16:53:19.3 - NTFSx86
Kjører fra: C:\Users\Jørgen\Ny mappe\ComboFix.exe
FW: COMODO Firewall *enabled*
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\install.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-14 til 2009-03-14 )))))))))))))))))))))))))))))))))
.
2009-03-14 14:37 . 2009-03-14 14:37 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-14 14:37 . 2009-02-11 10:19 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2009-03-14 14:37 . 2009-02-11 10:19 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2009-03-12 22:33 . 2008-04-17 12:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2009-03-12 22:33 . 2009-01-15 12:19 23,848 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2009-03-12 22:32 . 2009-03-12 22:32 d-------- C:\Users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 22:32 . 2009-03-12 22:32 d-------- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 22:32 . 2009-03-12 22:32 d-------- C:\Program Files\iPod
2009-03-12 22:28 . 2009-03-12 22:29 d-------- C:\Program Files\QuickTime
2009-03-12 21:44 . 2009-03-14 14:31 d-------- C:\Users\Jørgen\Tracing
2009-03-12 21:44 . 2009-03-14 14:31 d-------- C:\Users\Jørgen\Tracing
2009-03-12 21:42 . 2009-02-06 18:08 55,280 --a------ C:\Windows\System32\drivers\fssfltr.sys
2009-03-12 21:35 . 2009-03-12 21:35 d-------- C:\Program Files\Microsoft
2009-03-12 21:34 . 2009-03-12 21:34 d-------- C:\Program Files\Windows Live SkyDrive
2009-03-12 21:29 . 2009-03-12 21:29 d-------- C:\Program Files\Common Files\Windows Live
2009-03-12 17:36 . 2008-12-16 04:29 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2009-03-12 17:36 . 2008-11-27 05:43 268,288 --a------ C:\Windows\System32\schannel.dll
2009-03-12 17:36 . 2008-12-16 06:31 7,680 --a------ C:\Windows\System32\spwmp.dll
2009-03-12 17:36 . 2008-12-16 06:31 4,096 --a------ C:\Windows\System32\msdxm.ocx
2009-03-12 17:36 . 2008-12-16 06:31 4,096 --a------ C:\Windows\System32\dxmasf.dll
2009-03-12 17:34 . 2009-02-09 04:10 2,033,152 --a------ C:\Windows\System32\win32k.sys
2009-03-10 10:56 . 2009-03-10 10:56 d-------- C:\Program Files\Microsoft Silverlight
2009-03-10 10:49 . 2009-03-10 10:49 d-------- C:\Users\Public\Roaming
2009-03-10 10:49 . 2009-03-10 10:49 d-------- C:\Users\Jørgen\Roaming
2009-03-10 10:49 . 2009-03-10 10:49 d-------- C:\Users\Jørgen\Roaming
2009-03-10 10:49 . 2009-03-10 10:49 d-------- C:\Users\Jørgen\AppData\Roaming\Intel
2009-03-10 10:49 . 2009-03-10 10:49 d-------- C:\Users\Default\Roaming
2009-03-10 10:49 . 2009-03-10 10:49 d-------- C:\Users\All Users\Roaming
2009-03-10 10:49 . 2009-03-10 10:49 d-------- C:\ProgramData\Roaming
2009-03-10 10:46 . 2009-03-10 10:46 d-------- C:\Users\All Users\Intel
2009-03-10 10:46 . 2009-03-10 10:46 d-------- C:\ProgramData\Intel
2009-03-10 10:46 . 2009-03-10 10:46 d-------- C:\Program Files\Common Files\Intel
2009-03-10 10:46 . 2009-03-10 10:46 d-------- C:\Program Files\Cisco
2009-03-09 19:43 . 2009-03-14 14:54 d-------- C:\Program Files\Dealio
2009-03-09 19:42 . 2009-01-22 14:28 290,816 --a------ C:\Windows\System32\decdll.dll
2009-03-05 18:06 . 2009-03-14 14:50 d-------- C:\Users\All Users\Lavasoft
2009-03-05 18:06 . 2009-03-14 14:50 d--h-c--- C:\Users\All Users\~0
2009-03-05 18:06 . 2009-03-14 14:50 d-------- C:\ProgramData\Lavasoft
2009-03-05 18:06 . 2009-03-14 14:50 d--h-c--- C:\ProgramData\~0
2009-03-05 18:06 . 2009-03-14 14:50 d-------- C:\Program Files\Lavasoft
2009-03-05 15:20 . 2009-03-12 18:30 d-------- C:\Users\Jørgen\O
2009-03-05 15:20 . 2009-03-12 18:30 d-------- C:\Users\Jørgen\O
2009-03-05 12:13 . 2009-03-05 16:21 d-------- C:\Downloads
2009-03-05 12:12 . 2009-03-12 22:40 d-------- C:\Users\Jørgen\AppData\Roaming\Orbit
2009-03-05 12:12 . 2009-03-05 12:13 d-------- C:\Program Files\Orbitdownloader
2009-02-28 00:42 . 2009-02-28 01:07 d-------- C:\Program Files\McAfee
2009-02-28 00:42 . 2009-02-28 00:42 d-------- C:\Program Files\Common Files\McAfee
2009-02-27 19:44 . 2009-03-02 19:08 201,352 --a------ C:\Windows\System32\PnkBstrB.exe
2009-02-27 19:44 . 2009-03-02 19:09 140,216 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2009-02-27 19:44 . 2009-02-27 19:44 75,064 --a------ C:\Windows\System32\PnkBstrA.exe
2009-02-24 17:17 . 2009-02-24 17:17 d-------- C:\Users\Jørgen\AppData\Roaming\PeerNetworking
2009-02-22 16:41 . 2009-03-03 16:20 d-------- C:\Program Files\EA GAMES
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 16:01 3,407,872 --sha-w C:\Users\Jørgen\NTUSER.DAT
2009-03-14 16:01 3,407,872 --sha-w C:\Users\Jørgen\NTUSER.DAT
2009-03-13 23:36 31,966 ----a-w C:\Users\All Users\nvModes.dat
2009-03-13 23:36 31,966 ----a-w C:\ProgramData\nvModes.dat
2009-03-13 17:40 --------- d-----w C:\Users\Jørgen\AppData\Roaming\dvdcss
2009-03-13 15:42 --------- d-----w C:\Program Files\Google
2009-03-13 15:42 --------- d-----w C:\Program Files\Common Files\Steam
2009-03-13 15:03 --------- d-----w C:\Program Files\Windows Mail
2009-03-12 21:40 --------- d-----w C:\Users\Jørgen\AppData\Roaming\Orbit
2009-03-12 21:32 --------- d-----w C:\Program Files\iTunes
2009-03-12 21:32 --------- d-----w C:\Program Files\Common Files\Apple
2009-03-12 21:01 --------- d-----w C:\Users\Jørgen\AppData\Roaming\Adobe
2009-03-12 21:01 --------- d-----w C:\Program Files\Common Files\Adobe
2009-03-12 20:42 --------- d-----w C:\Program Files\Windows Live
2009-03-10 09:49 --------- d-----w C:\Users\Jørgen\AppData\Roaming\Intel
2009-03-10 09:46 --------- d-----w C:\Program Files\Intel
2009-03-09 18:43 --------- d-----w C:\Program Files\Search Settings
2009-03-09 18:42 --------- d-----w C:\Program Files\Free Video Converter
2009-02-27 23:43 --------- d-----w C:\ProgramData\McAfee
2009-02-27 18:44 794,408 ----a-w C:\Windows\System32\pbsvc.exe
2009-02-27 18:44 139,152 ----a-w C:\Users\Jørgen\AppData\Roaming\PnkBstrK.sys
2009-02-27 17:04 155,384 ----a-w C:\Windows\System32\guard32.dll
2009-02-27 17:04 108,560 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2009-02-24 16:17 --------- d-----w C:\Users\Jørgen\AppData\Roaming\PeerNetworking
2009-02-23 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-02-22 14:52 28,688 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2009-02-22 14:43 --------- d-----w C:\ProgramData\comodo
2009-02-13 16:11 --------- d-----w C:\ProgramData\TrackMania
2009-02-12 18:30 --------- d-----w C:\Program Files\Emote
2009-02-07 15:53 249,592 ----a-w C:\Windows\System32\cssdll32.dll
2009-02-07 15:53 --------- d-----w C:\Program Files\COMODO
2009-02-06 17:52 49,504 ----a-w C:\Windows\System32\sirenacm.dll
2009-01-25 16:47 --------- d-----w C:\Users\Jørgen\AppData\Roaming\OpenOffice.org
2009-01-25 16:37 --------- d-----w C:\Program Files\GameSpy Arcade
2009-01-24 20:35 --------- d-----w C:\Program Files\OpenOffice.org 3
2009-01-23 17:58 --------- d-----w C:\ProgramData\NVIDIA
2009-01-20 20:08 --------- d-----w C:\Users\Jørgen\AppData\Roaming\Greyfirst
2009-01-20 20:08 --------- d-----w C:\Program Files\Celtx
2009-01-19 21:06 --------- d-s---w C:\Users\Jørgen\AppData\Roaming\Microsoft
2009-01-18 14:47 --------- d-----w C:\ProgramData\FLEXnet
2009-01-18 14:38 --------- d-----w C:\Program Files\Adobe Media Player
2009-01-18 14:36 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2009-01-18 14:22 --------- d-----w C:\Users\Jørgen\AppData\Roaming\Download Manager
2009-01-17 21:24 --------- d-----w C:\Program Files\Bonjour
2009-01-17 21:22 --------- d-----w C:\ProgramData\Apple Computer
2009-01-15 06:11 827,392 ----a-w C:\Windows\System32\wininet.dll
2009-01-14 15:59 --------- d-----w C:\Users\Jørgen\AppData\Roaming\OpenOffice.org2
2008-12-23 20:58 453,152 ----a-w C:\Windows\System32\nvuninst.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 18:52 3885400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 16:42 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 20:50 1037608]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 21:42 34040]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 09:56 200704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-04-01 02:01 793096]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 02:36 544768]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 22:38 526896]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 18:02 397312]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 15:30 147456]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 15:30 167936]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 14:18 167936]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 08:03 303104]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43 136600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04 39792]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 16:57 991584]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-12-26 07:20 13736480]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-12-26 07:20 92704]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2009-02-07 16:53 278264]
"COMODO Internet Security"="D:\Program Files\Comodo Firewall\Comodo\COMODO Internet Security\cfp.exe" [2009-02-27 18:03 1851128]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 16:18 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-03-11 13:52 342312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 12:19:52 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Users^Jørgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\Windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jørgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=C:\Users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Jørgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\Windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-11 13:52 342312 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-21 03:23 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-27 15:43 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E22A63B7-9EE9-4636-8B2C-81D1E5FDFBC4}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{E8F0DA3C-3A30-4583-9D6C-F70113CF165C}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{DE011E25-F451-49B1-88BE-0E5F3932A963}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{1E0C1E8C-D616-4A79-A510-A8550E92B3CE}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{0E0BF7B8-8DAA-4197-80E9-E461CAE460B0}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{F87C9358-645F-481F-AFE5-138B952DE647}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{DEA85F90-51EB-401B-A13C-4127C7779290}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E28DC5E9-EA09-4DE9-9A45-6E7872C0CF38}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0376ED7B-3027-4EFE-9E42-540D1ED3571B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DB216395-2107-4A4C-846B-D4243C4B6F45}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{130BF4CE-CC92-490B-931D-23B05F1C77D8}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{81480371-74EB-4FC7-BC50-F9A908384FA6}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{18995F6E-0CD6-4A79-B4AF-124A499655E9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{CB90BF18-6003-4E94-B590-940FA6D6A00D}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{778FB47D-38DB-487D-B39A-6BA01666FFFC}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{4BFE2437-C3FC-4605-AF01-A04A4C218D1B}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{0B63AFBE-8BDC-4546-99E8-0DA846DDE8BE}C:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:C:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{86642A40-E0A7-4D62-85D6-477C945C69A8}C:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:C:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{B1CF11E1-9685-470E-82B0-43CA698FED8D}D:\\program files\\steam\\steamapps\\step_jor\\counter-strike source\\hl2.exe"= UDP:D:\program files\steam\steamapps\step_jor\counter-strike source\hl2.exe:hl2
"UDP Query User{88213B51-8847-4DE6-8D3D-EBA90F07CB01}D:\\program files\\steam\\steamapps\\step_jor\\counter-strike source\\hl2.exe"= TCP:D:\program files\steam\steamapps\step_jor\counter-strike source\hl2.exe:hl2
"TCP Query User{658626C3-D1CA-443C-9A21-3BA62C1E6EEF}C:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:C:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
"UDP Query User{DF4D618E-45E3-4757-94E6-FAD5BE4C4D11}C:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:C:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
"TCP Query User{10DF046D-6465-454D-A2BE-38FF889AA139}D:\\program files\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{10A05F44-3C3A-4CCB-9F27-0BD477EB8F78}D:\\program files\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{853D7338-9926-4264-983B-C499284DAD88}D:\\program files\\steam\\steamapps\\step_jor\\day of defeat source\\hl2.exe"= UDP:D:\program files\steam\steamapps\step_jor\day of defeat source\hl2.exe:hl2
"UDP Query User{A7216022-9D1D-400D-80EC-A224ED07B087}D:\\program files\\steam\\steamapps\\step_jor\\day of defeat source\\hl2.exe"= TCP:D:\program files\steam\steamapps\step_jor\day of defeat source\hl2.exe:hl2
"TCP Query User{5E9E9E00-88CB-45A7-882D-5890DC64074F}D:\\program files\\steam\\steamapps\\step_jor\\half-life 2 deathmatch\\hl2.exe"= UDP:D:\program files\steam\steamapps\step_jor\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{FE1BC222-6D03-4056-9F0A-FD8FB1BF520B}D:\\program files\\steam\\steamapps\\step_jor\\half-life 2 deathmatch\\hl2.exe"= TCP:D:\program files\steam\steamapps\step_jor\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{764BB503-A459-4032-870F-99F8DA400A63}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2F9B39BD-AAF6-48C2-9FCD-34864137BD74}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{7914D2DF-D4B5-4C46-AFB1-5EDA30DC3326}D:\\program files\\rv house\\rv_house.exe"= UDP:D:\program files\rv house\rv_house.exe:rv_house
"UDP Query User{615F2EDE-4B2D-4E6F-BF94-74D4374684AB}D:\\program files\\rv house\\rv_house.exe"= TCP:D:\program files\rv house\rv_house.exe:rv_house
"TCP Query User{1515EE6B-3E56-448A-B7FA-6DC1242B1C61}C:\\program files\\acclaim\\revolt\\revolt.exe"= UDP:C:\program files\acclaim\revolt\revolt.exe:revolt
"UDP Query User{9A134B9B-FE5E-4D62-9DBA-A90ADB55BF1F}C:\\program files\\acclaim\\revolt\\revolt.exe"= TCP:C:\program files\acclaim\revolt\revolt.exe:revolt
"{AB177751-D994-45B9-B81F-D297AFD892BD}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{20016145-3E37-461B-8F15-16DB8B5B1E56}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{C8EA0EB3-BFA4-4A76-A288-6F7439CD00FD}"= UDP:C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{696B1279-E435-446E-B547-21685A2B1CE7}"= TCP:C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"TCP Query User{9AF53F24-A129-44A7-85D5-C380E840FD83}D:\\program files\\steam\\steamapps\\step_jor\\source sdk base\\hl2.exe"= UDP:D:\program files\steam\steamapps\step_jor\source sdk base\hl2.exe:hl2
"UDP Query User{A504EF4D-8A68-47E5-A5B0-4385473209C8}D:\\program files\\steam\\steamapps\\step_jor\\source sdk base\\hl2.exe"= TCP:D:\program files\steam\steamapps\step_jor\source sdk base\hl2.exe:hl2
"{27A4805A-7186-4F69-895D-414BE6E90089}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{452A4E34-1D4D-4C3D-AB6B-FB31149590EB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{64790CD4-86B1-4691-8D92-CE7A8D1969AE}"= UDP:C:\Users\Jørgen\AppData\LocalLow\GarageGames\IAPlayer\products\www_instantaction_com\102\install\Legions.exe:Legions
"{E426CA94-B75E-49B8-9887-EC70EB64566C}"= TCP:C:\Users\Jørgen\AppData\LocalLow\GarageGames\IAPlayer\products\www_instantaction_com\102\install\Legions.exe:Legions
"{041DA30C-E5A9-4E99-9166-0D5E85BCBE71}"= UDP:D:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{9E3C40EF-EED9-46BE-A97A-11CAF109F101}"= TCP:D:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{5F8C596A-AEBD-4238-92B4-3EE409D33361}"= UDP:D:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{4F69CAA6-BAEB-403E-A26C-FF1F9E0D424F}"= TCP:D:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"TCP Query User{D5E13B16-F70D-4384-B2FF-49A8B49D5829}D:\\program files\\steam\\steamapps\\step_jor\\zombie panic! source\\hl2.exe"= UDP:D:\program files\steam\steamapps\step_jor\zombie panic! source\hl2.exe:hl2
"UDP Query User{50FEF41F-0E8E-48C7-A5B7-FF10D2877365}D:\\program files\\steam\\steamapps\\step_jor\\zombie panic! source\\hl2.exe"= TCP:D:\program files\steam\steamapps\step_jor\zombie panic! source\hl2.exe:hl2
"TCP Query User{BC5B2389-D9E1-4624-A993-9B9B94BDDDAF}C:\\program files\\emote\\launcher\\launcher.exe"= UDP:C:\program files\emote\launcher\launcher.exe:launcher
"UDP Query User{3AB10AA2-EEA9-4B9C-812F-512B81F706DE}C:\\program files\\emote\\launcher\\launcher.exe"= TCP:C:\program files\emote\launcher\launcher.exe:launcher
"{1487E7FD-46FD-49AB-99C9-6B1625DF138C}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{5D4E30AC-05C9-4736-8A0C-0EC7972DBF46}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{A06DA30C-25B8-4EAA-BC0A-33C0A3EC5BE1}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{D5D87D83-49BD-4B24-BFC2-58058E115D31}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{EA663744-205D-4455-8311-7B98D4F81EDD}"= UDP:D:\Program Files\Utorrent\uTorrent.exe:µTorrent (TCP-In)
"{B620C63F-32C4-438A-B2A0-55F503A6A500}"= TCP:D:\Program Files\Utorrent\uTorrent.exe:µTorrent (UDP-In)
"{1AD288F3-D5E4-4E91-8255-B61E6489892E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ABE77D7F-C789-4316-80B1-8076CFBAF161}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2009-02-07 16:50:02 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2009-02-07 16:50:02 28688]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-09-27 12:46:33 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 12:11:14 16384]
R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-09-27 12:47:48 81504]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-05-12 21:36:03 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-28 00:42:22 206096]
R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-09-27 12:47:52 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 02:03:14 131072]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2009-03-14 14:37:48 38496]
R3 NETw5v32;Intel(R) Wireless WiFi Link-kortdriver for Windows Vista 32-bit;C:\Windows\System32\drivers\NETw5v32.sys [2008-09-27 21:57:22 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda32v.sys [2008-09-27 21:56:35 43552]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60x.sys [2008-01-21 03:23:20 179712]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2009-03-12 21:42:57 55280]
S3 fsssvc;Windows Live Tryggere for familien;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 18:08:58 533360]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2008-11-18 14:36:52 7808]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 21:42:24 50424]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LPDService REG_MULTI_SZ LPDSVC
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-03-12 C:\Windows\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
- - - - TOMME PEKERE FJERNET - - - -

MSConfigStartUp-RGSC - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - C:\Users\Jørgen\AppData\Roaming\Mozilla\Firefox\Profiles\yewj90h5.default\
FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Vizky\npVizky.dll

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
.
------- Filassosiasjoner -------
.
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 16:58:19
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
skanner skjulte prosesser ...